Skip to content
Snippets Groups Projects
Unverified Commit bfe4ac18 authored by Théo Zimmermann's avatar Théo Zimmermann
Browse files

Add a section documenting how to deploy code-server without Coder.

parent 06abb3db
No related branches found
No related tags found
No related merge requests found
......@@ -346,4 +346,93 @@ Check that no load balancers or volumes are left:
```bash
openstack loadbalancer list
openstack volume list
```
\ No newline at end of file
```
## Deploying code-server to VMs without Coder or Kubernetes
When using Coder to provide a unique predefined workspace for students enrolled in a course, the flexibility brought by the Coder infrastructure and Kubernetes auto-scaling may be overkill. A possible alternative is to deploy code-server directly on VMs, without Coder or Kubernetes.
### Create the VMs and deploy code-server
The following script creates 10 VMs, deploys code-server on each of them, and generates a random password for each instance. The script assumes that the inf110 network already exists and that it contains the reverse proxy VM and the insecure Docker registry VM, as will be the case if the previous steps were followed.
```bash
for i in {1..10}; do
openstack server create \
--flavor m2.light \
--image ubuntu-noble-21-08-2024 \
--network inf110 \
--security-group default \
--security-group ssh_icmp \
--security-group HTTP_HTTPS \
--availability-zone nova \
--key-name $KEYPAIR \
-f json \
inf110-code-server-$i >> /tmp/inf110-code-server-vm-ids
done
for i in {1..10}; do
# Get the private IP of the VM
openstack server show $(jq -r .id /tmp/inf110-code-server-vm-ids | sed -n ${i}p) -f json | jq -r .addresses | cut -d'=' -f2 | cut -d',' -f1 >> /tmp/inf110-code-server-vm-ips
done
for i in {1..10}; do
# Generate a random password
PASSWORD=$(pwgen -s 8 1)
echo $PASSWORD >> /tmp/inf110-code-server-vm-passwords
# SSH to the VM
ssh -J ubuntu@137.194.210.143 ubuntu@$(jq -r .addresses /tmp/inf110-code-server-vm-ips | sed -n ${i}p) << EOF
sudo apt update
sudo apt-get install -y docker.io
sudo tee /etc/docker/daemon.json << 'EOF2'
{
"insecure-registries" : [ "10.0.0.99:5000" ]
}
EOF2
sudo systemctl reload docker
mkdir -p .config/code-server
tee .config/code-server/config.yaml << 'EOF2'
bind-addr: 0.0.0.0:8080
auth: password
password: $PASSWORD
cert: false
EOF2
mkdir -p tp/.vscode
sudo docker run -d --name code-server -p 80:8080 -v $(pwd)/tp:/home/coder/tp -v $(pwd)/.config/code-server:/home/coder/.config/code-server --restart unless-stopped 10.0.0.99:5000/inf110-workspace:latest /usr/bin/code-server
EOF
done
```
### Deploy the workspace contents
```bash
for file in inf110-workspace-contents/README.md inf110-workspace-contents/_CoqProject inf110-workspace-contents/tp1.ipynb inf110-workspace-contents/tp1-mysterious-tm.png inf110-workspace-contents/tp*.mv; do
for i in {1..10}; do
scp -J ubuntu@137.194.210.143 $file ubuntu@$(jq -r .addresses /tmp/inf110-code-server-vm-ips | sed -n ${i}p):tp
done
done
for i in {1..10}; do
scp -J ubuntu@137.194.210.143 inf110-workspace-contents/settings.json ubuntu@$(jq -r .addresses /tmp/inf110-code-server-vm-ips | sed -n ${i}p):tp/.vscode
done
```
### Reverse proxy configuration
The reverse proxy configuration redirects different endpoints to the different code-server instances. The private IP of a VM determines the endpoint.
```nginx
location ~ ^/code-server-(\d+) {
# Capture the server number
set $server_number $1;
# Rewrite the URL to strip the /code-server-{NUMBER}/ part
rewrite ^/code-server-\d+/(.*)$ /$1 break;
# Dynamically construct the proxy_pass target
proxy_pass http://10.0.0.$server_number;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
```
Each code-server instance is accessible at `https://tp-inf110.r2.enst.fr/code-server-{NUMBER}/?folder=/home/coder/tp`, with a specific password generated during the VM creation, and stored in `/tmp/inf110-code-server-vm-passwords`.
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment